Bitdefender Antispam Settings, IMAP, and Quirks
I have 10 email addresses in Thunderbird: 9 use IMAP and 1 is from my website using some mongrel package from my web host. My current download of BD's Help doc says BD doesn't do IMAP; however before I saw this, either I, or BD default, enabled Antispam and Thunderbird had a new BD Antispam add-on, plus, curiously, newly inserted "BD: Dangerous" and "BD: Safe" folders for just one of my email addresses.
My BD account is managed via my main public-facing email address. If any of the 9 IMAP email folders should have gotten Antispam's attention, my bet would have been this one … 🙄
I have a Gmail account which is merely a consequence of owning an Android phone. This account's sole use is to manage Google assets because it is the only account that is endlessly bombarded by spam. Thus a filter simply keeps any email from Google and deletes all else. Equally curious, it was this email address which got Antispam's sole attention. Unfortunately, Antispam's forte is in recognizing Safe email, thus it removes Google's messages from the flow in which my filter would keep them in my inbox, adding extra clicks to manage them.
"Turn off Antispam," you say? I did that. "Remove the Antispam add-on from Thunderbird?" I did that. I even removed BD's "Dangerous" and "Safe" folders from that email account, only to see them automatically reinstated, and populated with a couple of Safe emails as if the add-on were still installed and/or the Antispam dashboard item were still enabled.
And what are Antispam's settings? Watch for Asian and Cyrillic characters: none in my spam mountain. Manually enter friend and foe email addresses: those that are spoofed may be otherwise legitimate addresses, but the vast majority are endlessly unique random strings specifically intended to make it nearly impossible to catalogue or report them all. Among hundreds of spam emails per day, BD catches a bad one about once every 2-3 months.
It seems like analysis of headers (Spamhaus), message content, links to risky domains (VirusTotal), and chain redirections (WhereGoes) using risky domains would be more fruitful. (And if the landing page is empty or an error code page, either the page or path is broken or it's designed to load only in a live browser - to be avoided in any case.) But until this is engineered, it would be great to have a setting that completely stops useless puttering with my email.
